@@ -262,10 +262,10 @@ export class MeshService extends Construct {
262262
263263 const certificate = props . certificateArn
264264 ? acm . Certificate . fromCertificateArn (
265- this ,
266- `certificate` ,
267- props . certificateArn
268- )
265+ this ,
266+ `certificate` ,
267+ props . certificateArn
268+ )
269269 : undefined ;
270270
271271 if ( ! certificate ) throw Error ( "Must pass certificate" ) ;
@@ -498,139 +498,139 @@ export class MeshService extends Construct {
498498
499499 const defaultRules : CfnWebACL . RuleProperty [ ] = props . blockAll
500500 ? [
501- {
502- name : "BlockNonAllowedIps" ,
503- priority : props . allowedIpPriority || 2 ,
504- statement : {
505- notStatement : {
506- statement : {
507- orStatement : {
508- statements : [
509- {
510- ipSetReferenceStatement : {
511- arn : allowedIpList . attrArn ,
512- ipSetForwardedIpConfig : {
513- fallbackBehavior : "MATCH" ,
514- headerName : "X-Forwarded-For" ,
515- position : "FIRST" ,
501+ {
502+ name : "BlockNonAllowedIps" ,
503+ priority : props . allowedIpPriority || 2 ,
504+ statement : {
505+ notStatement : {
506+ statement : {
507+ orStatement : {
508+ statements : [
509+ {
510+ ipSetReferenceStatement : {
511+ arn : allowedIpList . attrArn ,
512+ ipSetForwardedIpConfig : {
513+ fallbackBehavior : "MATCH" ,
514+ headerName : "X-Forwarded-For" ,
515+ position : "FIRST" ,
516+ } ,
516517 } ,
517518 } ,
518- } ,
519- {
520- ipSetReferenceStatement : {
521- arn : allowedIpv6List . attrArn ,
522- ipSetForwardedIpConfig : {
523- fallbackBehavior : "MATCH " ,
524- headerName : "X-Forwarded-For " ,
525- position : "FIRST" ,
519+ {
520+ ipSetReferenceStatement : {
521+ arn : allowedIpv6List . attrArn ,
522+ ipSetForwardedIpConfig : {
523+ fallbackBehavior : "MATCH" ,
524+ headerName : "X-Forwarded-For " ,
525+ position : "FIRST " ,
526+ } ,
526527 } ,
527528 } ,
528- }
529- ]
529+ ] ,
530+ } ,
530531 } ,
531- }
532+ } ,
533+ } ,
534+ visibilityConfig : {
535+ cloudWatchMetricsEnabled : true ,
536+ metricName : "IPAllowList" ,
537+ sampledRequestsEnabled : true ,
538+ } ,
539+ action : {
540+ block : { } ,
532541 } ,
533542 } ,
534- visibilityConfig : {
535- cloudWatchMetricsEnabled : true ,
536- metricName : "IPAllowList" ,
537- sampledRequestsEnabled : true ,
538- } ,
539- action : {
540- block : { } ,
541- } ,
542- } ,
543- ]
543+ ]
544544 : [
545- {
546- name : "IPAllowList" ,
547- priority : props . allowedIpPriority || 2 ,
548- statement : {
549- ipSetReferenceStatement : {
550- arn : allowedIpList . attrArn ,
551- ipSetForwardedIpConfig : {
552- fallbackBehavior : "MATCH" ,
553- headerName : "X-Forwarded-For" ,
554- position : "FIRST" ,
545+ {
546+ name : "IPAllowList" ,
547+ priority : props . allowedIpPriority || 2 ,
548+ statement : {
549+ ipSetReferenceStatement : {
550+ arn : allowedIpList . attrArn ,
551+ ipSetForwardedIpConfig : {
552+ fallbackBehavior : "MATCH" ,
553+ headerName : "X-Forwarded-For" ,
554+ position : "FIRST" ,
555+ } ,
555556 } ,
556557 } ,
558+ visibilityConfig : {
559+ cloudWatchMetricsEnabled : true ,
560+ metricName : "IPAllowList" ,
561+ sampledRequestsEnabled : true ,
562+ } ,
563+ action : {
564+ allow : { } ,
565+ } ,
557566 } ,
558- visibilityConfig : {
559- cloudWatchMetricsEnabled : true ,
560- metricName : "IPAllowList" ,
561- sampledRequestsEnabled : true ,
562- } ,
563- action : {
564- allow : { } ,
565- } ,
566- } ,
567- {
568- name : "IPv6AllowList" ,
569- priority : props . allowedIpv6Priority || 3 ,
570- statement : {
571- ipSetReferenceStatement : {
572- arn : allowedIpv6List . attrArn ,
573- ipSetForwardedIpConfig : {
574- fallbackBehavior : "MATCH" ,
575- headerName : "X-Forwarded-For" ,
576- position : "FIRST" ,
567+ {
568+ name : "IPv6AllowList" ,
569+ priority : props . allowedIpv6Priority || 3 ,
570+ statement : {
571+ ipSetReferenceStatement : {
572+ arn : allowedIpv6List . attrArn ,
573+ ipSetForwardedIpConfig : {
574+ fallbackBehavior : "MATCH" ,
575+ headerName : "X-Forwarded-For" ,
576+ position : "FIRST" ,
577+ } ,
577578 } ,
578579 } ,
580+ visibilityConfig : {
581+ cloudWatchMetricsEnabled : true ,
582+ metricName : "IPv6AllowList" ,
583+ sampledRequestsEnabled : true ,
584+ } ,
585+ action : {
586+ allow : { } ,
587+ } ,
579588 } ,
580- visibilityConfig : {
581- cloudWatchMetricsEnabled : true ,
582- metricName : "IPv6AllowList" ,
583- sampledRequestsEnabled : true ,
584- } ,
585- action : {
586- allow : { } ,
587- } ,
588- } ,
589- {
590- name : "IPBlockList" ,
591- priority : props . blockedIpPriority || 4 ,
592- statement : {
593- ipSetReferenceStatement : {
594- arn : blockedIpList . attrArn ,
595- ipSetForwardedIpConfig : {
596- fallbackBehavior : "MATCH" ,
597- headerName : "X-Forwarded-For" ,
598- position : "FIRST" ,
589+ {
590+ name : "IPBlockList" ,
591+ priority : props . blockedIpPriority || 4 ,
592+ statement : {
593+ ipSetReferenceStatement : {
594+ arn : blockedIpList . attrArn ,
595+ ipSetForwardedIpConfig : {
596+ fallbackBehavior : "MATCH" ,
597+ headerName : "X-Forwarded-For" ,
598+ position : "FIRST" ,
599+ } ,
599600 } ,
600601 } ,
602+ visibilityConfig : {
603+ cloudWatchMetricsEnabled : true ,
604+ metricName : "IPBlockList" ,
605+ sampledRequestsEnabled : true ,
606+ } ,
607+ action : {
608+ block : { } ,
609+ } ,
601610 } ,
602- visibilityConfig : {
603- cloudWatchMetricsEnabled : true ,
604- metricName : "IPBlockList" ,
605- sampledRequestsEnabled : true ,
606- } ,
607- action : {
608- block : { } ,
609- } ,
610- } ,
611- {
612- name : "IPv6BlockList" ,
613- priority : ( props . blockedIpPriority || 4 ) + 1 ,
614- statement : {
615- ipSetReferenceStatement : {
616- arn : blockedIpv6List . attrArn ,
617- ipSetForwardedIpConfig : {
618- fallbackBehavior : "MATCH" ,
619- headerName : "X-Forwarded-For" ,
620- position : "FIRST" ,
611+ {
612+ name : "IPv6BlockList" ,
613+ priority : ( props . blockedIpPriority || 4 ) + 1 ,
614+ statement : {
615+ ipSetReferenceStatement : {
616+ arn : blockedIpv6List . attrArn ,
617+ ipSetForwardedIpConfig : {
618+ fallbackBehavior : "MATCH" ,
619+ headerName : "X-Forwarded-For" ,
620+ position : "FIRST" ,
621+ } ,
621622 } ,
622623 } ,
624+ visibilityConfig : {
625+ cloudWatchMetricsEnabled : true ,
626+ metricName : "IPv6BlockList" ,
627+ sampledRequestsEnabled : true ,
628+ } ,
629+ action : {
630+ block : { } ,
631+ } ,
623632 } ,
624- visibilityConfig : {
625- cloudWatchMetricsEnabled : true ,
626- metricName : "IPv6BlockList" ,
627- sampledRequestsEnabled : true ,
628- } ,
629- action : {
630- block : { } ,
631- } ,
632- } ,
633- ] ;
633+ ] ;
634634
635635 if ( props . rateLimit && ! props . blockAll ) {
636636 defaultRules . push ( {
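Review bot: The allow-list statements fail open: every `ipSetForwardedIpConfig` on the new side (new lines 512-515, 523-525, 551-554, 573-576) uses `fallbackBehavior: "MATCH"`, so a request whose `X-Forwarded-For` holds no valid address in the inspected position counts as a match; `IPAllowList` and `IPv6AllowList` then allow it, and the `notStatement` in `BlockNonAllowedIps` does not block it. I would set `fallbackBehavior: "NO_MATCH"` on those three rules and keep `"MATCH"` only on the two block lists, where it fails closed. `position: "FIRST"` also trusts the left-most header entry, which the client supplies unless a proxy in front of the WAF overwrites the header; if that assumption holds, record it with a comment such as `// X-Forwarded-For is rewritten by <trusted proxy> before it reaches the WAF`. New lines 524-525 render as `"X-Forwarded-For "` and `"FIRST "` with a trailing space, which may only be a rendering artifact but is worth checking in the file, since a padded value would not be a valid position. The enclosing method starts and ends outside this hunk.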